db/update/Archive: validate directory names
Fixes assertion failure if the ZIP file contains a path that begins with a slash. Closes https://github.com/MusicPlayerDaemon/MPD/issues/1793
This commit is contained in:
Max Kellermann
parent
96befa138c
commit
1417578b3d
2
NEWS
2
NEWS
|
|
@ -1,6 +1,8 @@
|
|||
ver 0.23.13 (not yet released)
|
||||
* input
|
||||
- curl: fix busy loop after connection failed
|
||||
* archive
|
||||
- zzip: fix crash bug
|
||||
* decoder
|
||||
- gme: require GME 0.6 or later
|
||||
* output
|
||||
|
|
|
|||
|
|
@ -67,6 +67,9 @@ UpdateWalk::UpdateArchiveTree(ArchiveFile &archive, Directory &directory,
|
|||
const char *tmp = std::strchr(name, '/');
|
||||
if (tmp) {
|
||||
const std::string_view child_name(name, tmp - name);
|
||||
if (!IsAcceptableFilename(child_name))
|
||||
return;
|
||||
|
||||
//add dir is not there already
|
||||
Directory *subdir = LockMakeChild(directory, child_name);
|
||||
subdir->device = DEVICE_INARCHIVE;
|
||||
|
|
|
|||
Loading…
Reference in New Issue